Complete all challenges

fmsrodrigues · fmsrodrigues · commit 42f400b789b5 · 2024-01-12T16:38:52.000-03:00
diff --git a/cmd/web/handlers.go b/cmd/web/handlers.go
@@ -162,8 +162,9 @@ func (app *application) userSignupPost(w http.ResponseWriter, r *http.Request) {
 }
 
 type userLoginForm struct {
-	Email               string `form:"email"`
-	Password            string `form:"password"`
+	Email    string `form:"email"`
+	Password string `form:"password"`
+
 	validator.Validator `form:"-"`
 }
 
@@ -217,6 +218,12 @@ func (app *application) userLoginPost(w http.ResponseWriter, r *http.Request) {
 
 	app.sessionManager.Put(r.Context(), "authenticatedUserID", id)
 
+	path := app.sessionManager.PopString(r.Context(), "redirectPathAfterLogin")
+	if path != "" {
+		http.Redirect(w, r, path, http.StatusSeeOther)
+		return
+	}
+
 	http.Redirect(w, r, "/snippet/create", http.StatusSeeOther)
 }
 
@@ -233,3 +240,90 @@ func (app *application) userLogoutPost(w http.ResponseWriter, r *http.Request) {
 
 	http.Redirect(w, r, "/", http.StatusSeeOther)
 }
+
+func (app *application) about(w http.ResponseWriter, r *http.Request) {
+	data := app.newTemplateData(r)
+
+	app.render(w, http.StatusOK, "about.html", data)
+}
+
+func (app *application) accountView(w http.ResponseWriter, r *http.Request) {
+	userID := app.sessionManager.GetInt(r.Context(), "authenticatedUserID")
+
+	user, err := app.users.Get(userID)
+	if err != nil {
+		if errors.Is(err, models.ErrNoRecord) {
+			http.Redirect(w, r, "/user/login", http.StatusSeeOther)
+		} else {
+			app.serverError(w, err)
+		}
+
+		return
+	}
+
+	data := app.newTemplateData(r)
+	data.User = user
+
+	app.render(w, http.StatusOK, "account.html", data)
+}
+
+type accountPasswordUpdateForm struct {
+	CurrentPassword         string `form:"currentPassword"`
+	NewPassword             string `form:"newPassword"`
+	NewPasswordConfirmation string `form:"newPasswordConfirmation"`
+
+	validator.Validator `form:"-"`
+}
+
+func (app *application) accountPasswordUpdate(w http.ResponseWriter, r *http.Request) {
+	data := app.newTemplateData(r)
+	data.Form = accountPasswordUpdateForm{}
+
+	app.render(w, http.StatusOK, "password.html", data)
+}
+
+func (app *application) accountPasswordUpdatePost(w http.ResponseWriter, r *http.Request) {
+	var form accountPasswordUpdateForm
+
+	err := app.decodePostForm(r, &form)
+	if err != nil {
+		app.clientError(w, http.StatusBadRequest)
+		return
+	}
+
+	form.CheckField(validator.NotBlank(form.CurrentPassword), "currentPassword", "This field cannot be blank")
+	form.CheckField(validator.NotBlank(form.NewPassword), "newPassword", "This field cannot be blank")
+	form.CheckField(validator.MinChars(form.NewPassword, 8), "newPassword", "This field must be at least 8 characters long")
+	form.CheckField(validator.NotBlank(form.NewPasswordConfirmation), "newPasswordConfirmation", "This field cannot be blank")
+	form.CheckField(form.NewPassword == form.NewPasswordConfirmation, "newPasswordConfirmation", "Passwords do not match")
+
+	if !form.Valid() {
+		data := app.newTemplateData(r)
+		data.Form = form
+
+		app.render(w, http.StatusUnprocessableEntity, "password.html", data)
+		return
+	}
+
+	userID := app.sessionManager.GetInt(r.Context(), "authenticatedUserID")
+
+	err = app.users.PasswordUpdate(userID, form.CurrentPassword, form.NewPassword)
+	if err != nil {
+		if errors.Is(err, models.ErrInvalidCredentials) {
+			form.AddFieldError("currentPassword", "Current password is incorrect")
+
+			data := app.newTemplateData(r)
+			data.Form = form
+
+			app.render(w, http.StatusUnprocessableEntity, "password.html", data)
+		} else if err != nil {
+			app.serverError(w, err)
+		}
+
+		return
+	}
+
+	app.sessionManager.Put(r.Context(), "flash", "Your password has been updated successfully!")
+
+	http.Redirect(w, r, "/account/view", http.StatusSeeOther)
+}
diff --git a/cmd/web/handlers_test.go b/cmd/web/handlers_test.go
@@ -245,3 +245,32 @@ func TestUserSignup(t *testing.T) {
 		})
 	}
 }
+
+func TestSnippetCreate(t *testing.T) {
+	app := newTestApplication(t)
+	ts := newTestServer(t, app.routes())
+	defer ts.Close()
+
+	t.Run("Unauthenticated", func(t *testing.T) {
+		code, headers, _ := ts.get(t, "/snippet/create")
+
+		assert.Equal(t, code, http.StatusSeeOther)
+		assert.Equal(t, headers.Get("Location"), "/user/login")
+	})
+
+	t.Run("Authenticated", func(t *testing.T) {
+		_, _, body := ts.get(t, "/user/login")
+		validCSRFToken := extractCSRFToken(t, body)
+
+		form := url.Values{}
+		form.Add("email", "alice@example.com")
+		form.Add("password", "pa$$word")
+		form.Add("csrf_token", validCSRFToken)
+		ts.postForm(t, "/user/login", form)
+
+		code, _, body := ts.get(t, "/snippet/create")
+
+		assert.Equal(t, code, http.StatusOK)
+		assert.StringContains(t, body, "<form action='/snippet/create' method='POST'>")
+	})
+}
diff --git a/cmd/web/helpers.go b/cmd/web/helpers.go
@@ -16,6 +16,11 @@ func (app *application) serverError(w http.ResponseWriter, err error) {
 	trace := fmt.Sprintf("%s\n%s", err.Error(), debug.Stack())
 	app.errorLog.Output(2, trace)
 
+	if app.debug {
+		http.Error(w, trace, http.StatusInternalServerError)
+		return
+	}
+
 	http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 }
 
diff --git a/cmd/web/main.go b/cmd/web/main.go
@@ -18,6 +18,7 @@ import (
 )
 
 type application struct {
+	debug          bool
 	errorLog       *log.Logger
 	infoLog        *log.Logger
 	snippets       models.SnippetModelInterface
@@ -43,6 +44,7 @@ func openDB(dsn string) (*sql.DB, error) {
 func main() {
 	addr := flag.String("addr", ":4000", "HTTP network address")
 	dsn := flag.String("dsn", "web:pass@tcp(localhost:3306)/snippetbox?parseTime=true", "MySQL data source name")
+	debug := flag.Bool("debug", false, "Enable debug mode")
 	flag.Parse()
 
 	infoLog := log.New(os.Stdout, "INFO\t", log.Ldate|log.Ltime)
@@ -67,6 +69,7 @@ func main() {
 	sessionManager.Cookie.Secure = true
 
 	app := &application{
+		debug:          *debug,
 		errorLog:       errorLog,
 		infoLog:        infoLog,
 		snippets:       &models.SnippetModel{DB: db},
diff --git a/cmd/web/middleware.go b/cmd/web/middleware.go
@@ -58,6 +58,7 @@ func (app *application) recoverPanic(next http.Handler) http.Handler {
 func (app *application) requireAuthentication(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if !app.isAuthenticated(r) {
+			app.sessionManager.Put(r.Context(), "redirectPathAfterLogin", r.URL.Path)
 			http.Redirect(w, r, "/user/login", http.StatusSeeOther)
 			return
 		}
diff --git a/cmd/web/routes.go b/cmd/web/routes.go
@@ -23,6 +23,7 @@ func (app *application) routes() http.Handler {
 	dynamic := alice.New(app.sessionManager.LoadAndSave, noSurf, app.authenticate)
 
 	router.Handler(http.MethodGet, "/", dynamic.ThenFunc(app.home))
+	router.Handler(http.MethodGet, "/about", dynamic.ThenFunc(app.about))
 	router.Handler(http.MethodGet, "/snippet/view/:id", dynamic.ThenFunc(app.snippetView))
 	router.Handler(http.MethodGet, "/user/signup", dynamic.ThenFunc(app.userSignup))
 	router.Handler(http.MethodPost, "/user/signup", dynamic.ThenFunc(app.userSignupPost))
@@ -33,6 +34,9 @@ func (app *application) routes() http.Handler {
 
 	router.Handler(http.MethodGet, "/snippet/create", protected.ThenFunc(app.snippetCreate))
 	router.Handler(http.MethodPost, "/snippet/create", protected.ThenFunc(app.snippetCreatePost))
+	router.Handler(http.MethodGet, "/account/password/update", protected.ThenFunc(app.accountPasswordUpdate))
+	router.Handler(http.MethodPost, "/account/password/update", protected.ThenFunc(app.accountPasswordUpdatePost))
+	router.Handler(http.MethodGet, "/account/view", protected.ThenFunc(app.accountView))
 	router.Handler(http.MethodPost, "/user/logout", protected.ThenFunc(app.userLogoutPost))
 
 	standard := alice.New(app.recoverPanic, app.logRequest, secureHeaders)
diff --git a/cmd/web/templates.go b/cmd/web/templates.go
@@ -17,6 +17,7 @@ type templateData struct {
 	Flash           string
 	IsAuthenticated bool
 	CSRFToken       string
+	User            *models.User
 }
 
 func humanDate(t time.Time) string {
diff --git a/internal/models/mocks/users.go b/internal/models/mocks/users.go
@@ -1,6 +1,9 @@
 package mocks
 
-import "lets-go-snippetbox/internal/models"
+import (
+	"lets-go-snippetbox/internal/models"
+	"time"
+)
 
 type UserModel struct{}
 
@@ -29,3 +32,30 @@ func (m *UserModel) Exists(id int) (bool, error) {
 		return false, nil
 	}
 }
+
+func (m *UserModel) Get(id int) (*models.User, error) {
+	if id == 1 {
+		u := &models.User{
+			ID:      1,
+			Name:    "Alice",
+			Email:   "alice@example.com",
+			Created: time.Now(),
+		}
+
+		return u, nil
+	}
+
+	return nil, models.ErrNoRecord
+}
+
+func (m *UserModel) PasswordUpdate(id int, currentPassword, newPassword string) error {
+	if id == 1 {
+		if currentPassword != "pa$$word" {
+			return models.ErrInvalidCredentials
+		}
+
+		return nil
+	}
+
+	return models.ErrNoRecord
+}
diff --git a/internal/models/users.go b/internal/models/users.go
@@ -14,6 +14,8 @@ type UserModelInterface interface {
 	Insert(name, email, password string) error
 	Authenticate(email, password string) (int, error)
 	Exists(id int) (bool, error)
+	Get(id int) (*User, error)
+	PasswordUpdate(id int, currentPassword, newPassword string) error
 }
 
 type User struct {
@@ -90,3 +92,50 @@ func (m *UserModel) Exists(id int) (bool, error) {
 
 	return exists, err
 }
+
+func (m *UserModel) Get(id int) (*User, error) {
+	var user User
+
+	stmt := `SELECT id, name, email, created FROM users WHERE id = ?`
+
+	err := m.DB.QueryRow(stmt, id).Scan(&user.ID, &user.Name, &user.Email, &user.Created)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return nil, ErrNoRecord
+		} else {
+			return nil, err
+		}
+	}
+
+	return &user, nil
+}
+
+func (m *UserModel) PasswordUpdate(id int, currentPassword, newPassword string) error {
+	var currentHashedPassword []byte
+
+	stmt := "SELECT hashed_password FROM users WHERE id = ?"
+
+	err := m.DB.QueryRow(stmt, id).Scan(&currentHashedPassword)
+	if err != nil {
+		return err
+	}
+
+	err = bcrypt.CompareHashAndPassword(currentHashedPassword, []byte(currentPassword))
+	if err != nil {
+		if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
+			return ErrInvalidCredentials
+		} else {
+			return err
+		}
+	}
+
+	newHashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), 12)
+	if err != nil {
+		return err
+	}
+
+	stmt = "UPDATE users SET hashed_password = ? WHERE id = ?"
+
+	_, err = m.DB.Exec(stmt, string(newHashedPassword), id)
+	return err
+}
diff --git a/ui/html/pages/about.html b/ui/html/pages/about.html
@@ -0,0 +1,14 @@
+{{define "title"}}About{{end}}
+
+{{define "main"}}
+<h2>About</h2>
+<p>
+  Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi at mauris dignissim,
+  consectetur tellus in, fringilla ante. Pellentesque habitant morbi tristique senectus
+  et netus et malesuada fames ac turpis egestas. Sed dignissim hendrerit scelerisque.
+</p>
+<p>
+  Praesent a dignissim arcu. Cras a metus sagittis, pellentesque odio sit amet,
+  lacinia velit. In hac habitasse platea dictumst.
+</p>
+{{end}}
diff --git a/ui/html/pages/account.html b/ui/html/pages/account.html
@@ -0,0 +1,25 @@
+{{define "title"}}Your Account{{end}}
+
+{{define "main"}}
+<h2>Your Account</h2>
+{{with .User}}
+<table>
+  <tr>
+    <th>Name</th>
+    <td>{{.Name}}</td>
+  </tr>
+  <tr>
+    <th>Email</th>
+    <td>{{.Email}}</td>
+  </tr>
+  <tr>
+    <th>Joined</th>
+    <td>{{humanDate .Created}}</td>
+  </tr>
+  <tr>
+    <th>Password</th>
+    <td><a href="/account/password/update">Change password</a></td>
+  </tr>
+</table>
+{{end}}
+{{end}}
diff --git a/ui/html/pages/password.html b/ui/html/pages/password.html
@@ -0,0 +1,32 @@
+{{define "title"}}Change Password{{end}}
+
+{{define "main"}}
+<h2>Change Password</h2>
+<form action='/account/password/update' method='POST' novalidate>
+  <input type='hidden' name='csrf_token' value='{{.CSRFToken}}'>
+  <div>
+    <label>Current password:</label>
+    {{with .Form.FieldErrors.currentPassword}}
+    <label class='error'>{{.}}</label>
+    {{end}}
+    <input type='password' name='currentPassword'>
+  </div>
+  <div>
+    <label>New password:</label>
+    {{with .Form.FieldErrors.newPassword}}
+    <label class='error'>{{.}}</label>
+    {{end}}
+    <input type='password' name='newPassword'>
+  </div>
+  <div>
+    <label>Confirm new password:</label>
+    {{with .Form.FieldErrors.newPasswordConfirmation}}
+    <label class='error'>{{.}}</label>
+    {{end}}
+    <input type='password' name='newPasswordConfirmation'>
+  </div>
+  <div>
+    <input type='submit' value='Change password'>
+  </div>
+</form>
+{{end}}
diff --git a/ui/html/partials/nav.html b/ui/html/partials/nav.html

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ func (app *application) recoverPanic(next http.Handler) http.Handler {`
`58`	`58`	`func (app *application) requireAuthentication(next http.Handler) http.Handler {`
`59`	`59`	`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
`60`	`60`	`if !app.isAuthenticated(r) {`
	`61`	`+ app.sessionManager.Put(r.Context(), "redirectPathAfterLogin", r.URL.Path)`
`61`	`62`	`http.Redirect(w, r, "/user/login", http.StatusSeeOther)`
`62`	`63`	`return`
`63`	`64`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ type templateData struct {`
`17`	`17`	`Flash string`
`18`	`18`	`IsAuthenticated bool`
`19`	`19`	`CSRFToken string`
	`20`	`+ User *models.User`
`20`	`21`	`}`
`21`	`22`
`22`	`23`	`func humanDate(t time.Time) string {`